Socks 4, 5 - Wingate Proxy
Posted on 2004-10-07
This sucks :(
Got a call from my T1 provider today and it seems that my server (Win 2003 Enterprise) has been hacked... Ports 23 & 1080 are showing Socks 4 & 5 and Wingate Proxy vulnerabilities, and my SPAM abuse rating is at 4.5 per senderbase.org. I am not purposefully running a proxy server, I am running the basic firewall in Routing and Remote Acess, and only have a few ports open of which 25 & 1080 are not open in RaRAS.
This server is a multiple occupancy building where everyone shares the same T1 and just uses differnt local IP's (eg: 192.168.20.x, 192.168.30.x, etc.). So I am assuming that the hack came from one of the other IP blocks via the internet because I am using Group Policy to lock up what functions I don't want the user to have.
So... now that you guys have the background, what should I do? I have a Sonicwall Pro 200 I can put in place, but would rather use a software solution as I am not a fan of hardware firewalls. They are cumbersome and hard to maintain from remote. Also I need to protect the Inside of the LAN form the other IP ranges. I am considering MS ISA Server, but would rather get the opinion of you guys first... Thanks :)